[UTCTF 2024] crypto 部分

RSA-256

RSA签到太简单了

N = 77483692467084448965814418730866278616923517800664484047176015901835675610073
e = 65537
c = 43711206624343807006656378470987868686365943634542525258065694164173101323321
p,q=1025252665848145091840062845209085931,75575216771551332467177108987001026743883
long_to_bytes(pow(c,invert(e,(p-1)*(q-1)),N))#utflag{just_send_plaintext}

Beginner: Anti-dcode.fr

这题一开始还真虎了一下，给了caeser加密的flag并加了大量字符，只需要把26种情况列出来，然后用正则表达式找出来就行了

import re 
import string def caeser(m,i):t = ''for v in m:if v in string.ascii_lowercase:t += chr(ord('a')+(ord(v)-ord('a')+i)%26)else:t += v return t msg = open('c3_LoooongCaesarCipher.txt').read()for i in range(26):tmsg = caeser(msg,i)it = re.finditer(r"utflag\{[a-zA-Z_]+\}",tmsg)for v in it:print(v.group())#utflag{rip_dcode}

numbers go brrr

现在怎么弄个题就有远端，先是生成一个随机种子，然后生成key进行AES加密，远端提供加密和flag密文，但是由于seed太小只有10**6爆破一下即可。不过这个远端确实没大意思，手工得到密文再爆破即可。

#!/usr/bin/env python3
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import randomseed = random.randint(0, 10 ** 6)
def get_random_number():global seed seed = int(str(seed * seed).zfill(12)[3:9])return seeddef encrypt(message):key = b''for i in range(8):key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')cipher = AES.new(key, AES.MODE_ECB)ciphertext = cipher.encrypt(pad(message, AES.block_size))return ciphertext.hex()print("Thanks for using our encryption service! To get the encrypted flag, type 1. To encrypt a message, type 2.")
while True:print("What would you like to do (1 - get encrypted flag, 2 - encrypt a message)?")user_input = int(input())if(user_input == 1):breakprint("What is your message?")message = input()print("Here is your encrypted message:", encrypt(message.encode()))flag = open('/src/flag.txt', 'r').read();
print("Here is the encrypted flag:", encrypt(flag.encode()))

c = 'bafc0c65ea2e10ae53ae0c36cb2d7f622f8fedbc2aee2ccf18c8f63ec55026538ec4ffcd12d6d1e828ff19481e78a360'
c = bytes.fromhex(c)from Crypto.Cipher import AESdef get_random_number():global seed seed = int(str(seed * seed).zfill(12)[3:9])return seeddef encrypt(message):key = b''for i in range(8):key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')cipher = AES.new(key, AES.MODE_ECB)ciphertext = cipher.decrypt(message)return ciphertextfor seed in range(10**6):flag = encrypt(c)if b'utflag{' in flag:print(flag)#utflag{deep_seated_and_recurring_self-doubts}

numbers go brrr 2

与上题基本相似，但需要猜对3次，这个可以作到100次，这样如果爆破就会超时。所以这题先生成字典，其它直接查表回复即可。

#!/usr/bin/env python3
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import randomseed = random.randint(0, 10 ** 6)
def get_random_number():global seed seed = int(str(seed * seed).zfill(12)[3:9])return seeddef encrypt(message):key = b''for i in range(8):key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')cipher = AES.new(key, AES.MODE_ECB)ciphertext = cipher.encrypt(pad(message, AES.block_size))return key.hex(), ciphertext.hex()print("Thanks for using our encryption service! To get the start guessing, type 1. To encrypt a message, type 2.")
print("You will need to guess the key (you get 250 guesses for one key). You will do this 3 times!")for i in range(3):seed = random.randint(0, 10 ** 6)print("Find the key " + str(i + 1) + " of 3!")key = encrypt(b"random text to initalize key")[0]while True:print("What would you like to do (1 - guess the key, 2 - encrypt a message)?")user_input = int(input())if(user_input == 1):breakprint("What is your message?")message = input()key, ciphertext = encrypt(message.encode())print("Here is your encrypted message:", ciphertext)print("You have 250 guesses to find the key!")found = Falsefor j in range(250):print("What is your guess (in hex)?")guess = str(input()).lower()if guess == key:print("You found the key!")found = Truebreakelse:print("That is not the key!")if not found:print("You did not find the key!")exit(0)flag = open('/src/flag.txt', 'r').read();
print("Here is the flag:", flag)

from pwn import *
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import randomdef get_random_number():global seed seed = int(str(seed * seed).zfill(12)[3:9])return seeddef encrypt(message):key = b''for i in range(8):key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')cipher = AES.new(key, AES.MODE_ECB)ciphertext = cipher.encrypt(pad(message, AES.block_size))return key.hex(), ciphertext.hex()# 字典 cipher:key
dic = {}
msg = b"random text to initalize key"
for seed in range(10**6):key,cipher = encrypt(msg)dic[cipher] = key #attack
p = remote('betta.utctf.live', 2435)
context(arch='amd64', log_level='debug')for _ in range(3):p.sendlineafter(b"What would you like to do (1 - guess the key, 2 - encrypt a message)?\n", b'2')p.sendlineafter(b"What is your message?", msg)p.recvuntil(b"Here is your encrypted message:")c = p.recvline().decode().strip()key = dic[c]p.sendlineafter(b"What would you like to do (1 - guess the key, 2 - encrypt a message)?\n", b'1')p.sendlineafter(b"What is your guess (in hex)?\n", key.encode())p.recvline()p.recvline()
p.interactive()

bits and pieces

回到RSA，给了3组n,e,c第1个n可以在factor.db分解，第2和第3有公因子

n1=16895844090302140592659203092326754397916615877156418083775983326567262857434286784352755691231372524046947817027609871339779052340298851455825343914565349651333283551138205456284824077873043013595313773956794816682958706482754685120090750397747015038669047713101397337825418638859770626618854997324831793483659910322937454178396049671348919161991562332828398316094938835561259917841140366936226953293604869404280861112141284704018480497443189808649594222983536682286615023646284397886256209485789545675225329069539408667982428192470430204799653602931007107335558965120815430420898506688511671241705574335613090682013
e1= 65537
c1=7818321254750334008379589501292325137682074322887683915464861106561934924365660251934320703022566522347141167914364318838415147127470950035180892461318743733126352087505518644388733527228841614726465965063829798897019439281915857574681062185664885100301873341937972872093168047018772766147350521571412432577721606426701002748739547026207569446359265024200993747841661884692928926039185964274224841237045619928248330951699007619244530879692563852129885323775823816451787955743942968401187507702618237082254283484203161006940664144806744142758756632646039371103714891470816121641325719797534020540250766889785919814382n2= 22160567763948492895090996477047180485455524932702696697570991168736807463988465318899280678030104758714228331712868417831523511943197686617200545714707332594532611440360591874484774459472586464202240208125663048882939144024375040954148333792401257005790372881106262295967972148685076689432551379850079201234407868804450612865472429316169948404048708078383285810578598637431494164050174843806035033795105585543061957794162099125273596995686952118842090801867908842775373362066408634559153339824637727686109642585264413233583449179272399592842009933883647300090091041520319428330663770540635256486617825262149407200317
e2= 65537
c2= 19690520754051173647211685164072637555800784045910293368304706863370317909953687036313142136905145035923461684882237012444470624603324950525342723531350867347220681870482876998144413576696234307889695564386378507641438147676387327512816972488162619290220067572175960616418052216207456516160477378246666363877325851823689429475469383672825775159901117234555363911938490115559955086071530659273866145507400856136591391884526718884267990093630051614232280554396776513566245029154917966361698708629039129727327128483243363394841238956869151344974086425362274696045998136718784402364220587942046822063205137520791363319144n3= 30411521910612406343993844830038303042143033746292579505901870953143975096282414718336718528037226099433670922614061664943892535514165683437199134278311973454116349060301041910849566746140890727885805721657086881479617492719586633881232556353366139554061188176830768575643015098049227964483233358203790768451798571704097416317067159175992894745746804122229684121275771877235870287805477152050742436672871552080666302532175003523693101768152753770024596485981429603734379784791055870925138803002395176578318147445903935688821423158926063921552282638439035914577171715576836189246536239295484699682522744627111615899081
e3= 65537
c3= 17407076170882273876432597038388758264230617761068651657734759714156681119134231664293550430901872572856333330745780794113236587515588367725879684954488698153571665447141528395185542787913364717776209909588729447283115651585815847333568874548696816813748100515388820080812467785181990042664564706242879424162602753729028187519433639583471983065246575409341038859576101783940398158000236250734758549527625716150775997198493235465480875148169558815498752869321570202908633179473348243670372581519248414555681834596365572626822309814663046580083035403339576751500705695598043247593357230327746709126221695232509039271637

from Crypto.Util.number import *#第1段factor.db可分解
p = 129984014749130366259742130443330376923069118727641845190136006048911945242427603092160936004682857611235008521722596025476170673607376869837675885556290582081941522328978811710862857253777650447221864279732376499043513950683086803379743964370215090077032772967632331576620201195241241611325672953583711295127
q = n1//p 
m1 = pow(c1,invert(e1,(p-1)*(q-1)),n1)
long_to_bytes(m1)#2，3有公因子
p = gcd(n2,n3)
q = n2//p
m2 = pow(c2,invert(e2,(p-1)*(q-1)),n2)
long_to_bytes(m2)q = n3//p 
m3 = pow(c3,invert(e3,(p-1)*(q-1)),n3)
long_to_bytes(m3)#utflag{oh_no_it_didnt_work_</3_i_guess_i_can_just_use_standard_libraries_in_the_future}

Cryptordle

这题有点意思，随机生成5个字节串a-z，然后可以猜6次，如果不正确会返回对应位置差的积模31。

假设串里没有yz，然后猜zzzzz这个差的积表示为a*b*c*d*e=k1 (mod 31)，然后第2次猜zzzzy那么第2次结果就是a*b*c*d*(e-1)=k2 两式可以得到a*b*c*d=k1-k2，第3次a*b*c*(d-1)*e=k3得到a*b*c*e=k1-k3这样猜5次可能得到5个算式，从而求出与猜测数的差。在原串不包含的yz的情况（概率很大）即可猜对，得到flag

#!/usr/bin/env python3
import randomwordlist = open('/src/wordlist.txt', 'r').read().split('\n')for word in wordlist:assert len(word) == 5for letter in word:assert letter in 'abcdefghijklmnopqrstuvwxyz'for attempt in range(3):answer = random.choice(wordlist)num_guesses = 0while True:num_guesses += 1print("What's your guess?")guess = input().lower()assert len(guess) == 5for letter in guess:assert letter in 'abcdefghijklmnopqrstuvwxyz'if guess == answer:breakresponse = 1for x in range(5):a = ord(guess[x]) - ord('a')b = ord(answer[x]) - ord('a')response = (response * (a-b)) % 31print(response)if num_guesses > 6:print("Sorry, you took more than 6 tries. No flag for you :(")exit()else:print("Good job! Onward...")if num_guesses <= 6:print('Nice! You got it :) Have a flag:')flag = open('/src/flag.txt', 'r').read()print(flag)
else:print("Sorry, you took more than 6 tries. No flag for you :(")

from pwn import *def getv(k):for a in range(1,26):for b in range(1,26):for c in range(1,26):for d in range(1,26):for e in range(1,26):if a*b*c*d*e%31 == k[0] and a*b*c*d%31 == (k[0]-k[1])%31 and a*b*c*e%31 == (k[0]-k[2])%31 and a*b*d*e%31 == (k[0]-k[3])%31 and a*c*d*e%31 == (k[0]-k[4])%31:print(a,b,c,d,e)return [a,b,c,d,e]ss = 'zzzzz zzzzy zzzyz zzyzz zyzzz'.split()p = remote('betta.utctf.live', 7496)
context(arch='amd64', log_level='debug')for _ in range(3):k = [0]*5for i in range(5):p.sendlineafter(b"What's your guess?\n", ss[i].encode())k[i] = int(p.recvline())r = getv(k)ans = bytes([97+(25-i) for i in r])p.sendlineafter(b"What's your guess?\n", ans)p.recvline()
p.recvline()
p.interactive()
#utflag{sometimes_pure_guessing_is_the_strat}

simple signature

这题始终没弄明白是怎么回事，没有附件，名字应该是说rsa签名，连接远端后输入数字会返回签名，相同的值连续输入后签名会不同。一直没弄明白要干嘛，但是连上以后发现如果先输入2，下交再输入1，就会得到与2一样的签名，也就达到预测的目的。

┌──(kali㉿kali)-[~/ctf/2403/vctf]
└─$ nc betta.utctf.live 4374
Welcome to the signature generator!
This service generates signatures for nonnegative integer messages.
Today's RSA parameters are:
n = 24818102468811742954179239941243000716474501576123062067907829905430437901641852824068409901460799845657311850995901841958536939006794455987320373541121185242495836205822506607976283699695770788514568794824731256744835172302608153871422130811421910736529023113284124417589940184203700106133856728315001792637498890342036475547535012939102224134530598151180826137497341472979647552555158629718259982288814053241627971023861718937371958732493006607656878622399979648296189545707685195805665555639904117900173399017646238696499618368773448507979239551946276657409846690226182166731587504995398512320220459430521589080197
e = 65537
Enter a message (enter 0 to stop): 1
Your signature is: 1
Enter a message (enter 0 to stop): 2
Your signature is: 8474196947803533415733926946288621167800325325962982251402337505581143635067918022935805728075817903116613113367989317039654273946476810366296878926097987190319563502071276868913046806449442742795695617672295024620405377123651429702461014503593444401165698658249755611191224870254493173733264700499121082221810383967811506072327295903811645987977053176877105892657538765579204957786823451883476290334010100831492394693738564096256123529393157254612699115968503772851780019438114403267463556541879055058987253847404097624963359390684308026600528231881065712324215649550650437522056177720235585099984088332628262942823
Enter a message (enter 0 to stop): 1
Your signature is: 8474196947803533415733926946288621167800325325962982251402337505581143635067918022935805728075817903116613113367989317039654273946476810366296878926097987190319563502071276868913046806449442742795695617672295024620405377123651429702461014503593444401165698658249755611191224870254493173733264700499121082221810383967811506072327295903811645987977053176877105892657538765579204957786823451883476290334010100831492394693738564096256123529393157254612699115968503772851780019438114403267463556541879055058987253847404097624963359390684308026600528231881065712324215649550650437522056177720235585099984088332628262942823
Enter a message (enter 0 to stop): 1
Your signature is: 23784380698418881947187441817753248953602582666015250006315895732072377551023297973305493503429229749498094850262405747043349452419523326581766478628643656190125043940275563647293283965939161810348720112888366878790117973130057449035086376268023838684367146711197158277795175379096567770182635820734141271885186936126036832490162107468141705519410469739114649621367488428457007357933727880467407081263423609508940612661504660084481093544695472778156750123473407819773407277749365125795727289062143626732871723931274810578532062756986914047787260372788280114883837170889065943861850733848359302117469870387055716205702
Enter a message (enter 0 to stop): 1
Your signature is: 15717917765030286634947085177672319844843662144464689727661189549005403620576417166560380356708124131369945465052199016087065005103192371199023021257752765744435976766220452956843484873701003328346459589837438366788790964925034212015549465531269393591529106522201870325394843957220433532193965795086295816558841647124670693531326819267529677780791798648068377431919322529878963496419268634341455387582378441147529298925195039335123704075857062512131770006073683529470336499500840854010294985809979440503533088389438388739057159792361854523232857038933446006449398830845788233272100898213169401327014565088788290933102
Enter a message (enter 0 to stop): 2
Your signature is: 15895820807604611641884387992674411592007518018579007510467725931909969718394325643052615463292826914612474291095732240705442912465514890650431300497476041921631388756141297981207460794049933856015303848687045557740279795292807002248034205031530423456759122573906183605230468655303159631689938987372719142119176571761056224050225767854035466398259804698786699558549469207404575982678590628995227771764981693037671178454799012693242378522572012507695668347198867734025830059898532306013468571392129006772564190463048243160428421930056829679932114957571809250594776289218937688359196728965059537599786360763909504526901
Enter a message (enter 0 to stop): 1
Your signature is: 15895820807604611641884387992674411592007518018579007510467725931909969718394325643052615463292826914612474291095732240705442912465514890650431300497476041921631388756141297981207460794049933856015303848687045557740279795292807002248034205031530423456759122573906183605230468655303159631689938987372719142119176571761056224050225767854035466398259804698786699558549469207404575982678590628995227771764981693037671178454799012693242378522572012507695668347198867734025830059898532306013468571392129006772564190463048243160428421930056829679932114957571809250594776289218937688359196728965059537599786360763909504526901
Enter a message (enter 0 to stop): 2
Your signature is: 4968829646702234813748834917867089760618485624820241505565033454925753393927663174731892684045264388687039088510331244619265399290666695483431766681288337496105280038241406206073532364202587602052230282413927198357843182527129582634282168656699411884422258935098341022499796481781971061602383259724726609388876616745337301835614289654363068699506922148593185065158291832010623434422119461965497746317027431994099446560574616148467995707356122859069024375423396730830008084403180478529980372159760813949593128845255526274311983622015423196424096262920922832675084332112869555671905730454566892630109479113776916484640
Enter a message (enter 0 to stop): 0
Now, come up with your own pair!
Enter a message: 1
Enter a signature: 4968829646702234813748834917867089760618485624820241505565033454925753393927663174731892684045264388687039088510331244619265399290666695483431766681288337496105280038241406206073532364202587602052230282413927198357843182527129582634282168656699411884422258935098341022499796481781971061602383259724726609388876616745337301835614289654363068699506922148593185065158291832010623434422119461965497746317027431994099446560574616148467995707356122859069024375423396730830008084403180478529980372159760813949593128845255526274311983622015423196424096262920922832675084332112869555671905730454566892630109479113776916484640
Congrats! Here is the flag: utflag{a1m05t_t3xtb00k_3x3rc153}